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CONTROLLED  ACCESSIBILITY  BIBLIOGRAPHY 
Susan  K.  Reed  and  Martha  M.  Gray 


A  bibliography  of  96  references  on  controlled  accessibility  has 
been  compiled.  The  purpose  in  compiling  this  limited  bibliography  was 
to  free  the  effort  to  solve  the  problems  of  controlled  accessibility 
from  domination  by  discussion  of  the  issues  of  privacy.  Insofar  as 
possible,  except  when  the  two  subjects  are  referred  to  in  the  same  work 
or  for  overriding  historical  considerations ,  references  dealing  with 
privacy  have  not  been  included. 

Key  words:  Confidentiality;  controlled  accessibility;  data  integrity; 
data  security;  security. 


1.  INTRODUCTION 


The  purpose  in  publishing  this  bibliography  on  Controlled  Accessi- 
bility when  several  fine  ones  already  exist  in  the  field  of  privacy  and 
security  is  to  segregate  the  work  on  controlled  accessibility  from  the 
larger  field.  Although  controlled  accessibility  is  an  integral  part  of 
the  privacy  and  security  field,  it  often  is  not  afforded  the  attention 
it  deserves  as  the  instrument  of  accomplishment  of  the  objective  be- 
cause discussion  of  the  entire  field  tends  to  hover  over  the  emotion- 
ally charged  privacy  issue  instead  of  coming  to  grips  with  the  techno- 
logical problems  of  providing  security  for  computer  based  data. 

No  claim  to  exhaustiveness  is  made  for  this  bibliography.  The  in- 
tent is  to  provide  references  to  readily  available  material,  therefore 
classified  documents  and  articles  published  in  journals  of  limited  dis- 
tribution have  been  omitted.  Omission  is  not  meant  to  be  a  commentary 
on  the  value  of  the  work.  This  bibliography  is  aimed  at  those  who  wish 
to  move  past  or  avoid  the  privacy  considerations  and  concentrate  on  the 
methods  through  which  computer  technology  can  protect  data  from  acci- 
dental or  intentional  loss,  disclosure  or  modification. 

Because  some  of  the  terms  basic  to  the  field  of  privacy  and  secu- 
rity have  been  loosely  used  in  the  past  to  refer  to  either  the  privacy 
or  the  security  aspects  of  problems,  thus  contributing  to  the  confusion 
of  the  issues,  it  would  be  well  to  define  some  of  them  here  and  indi- 
cate their  relationship  to  each  other.  These  definitions  have  been  dis- 
tilled from  the  works  listed. 
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Privacy  is  a  concept  which  applies  to  an  individual.  It  is  the  right  of 
an  individual  to  decide  what  information  about  himself  he  wishes  to 
share  with  others  and  also  what  information  he  is  willing  to  accept 
from  others;  i.e.  he  is  freed  from  observation  by  others  when  he  so 
wishes  and  he  is  free  to  select  from  the  universe  the  information  he 
wishes  to  assimilate  unto  himself.  This  concept  is  in  direct  conflict 
with  the  present  trend  toward  collecting  and  storing  a  large  amount  of 
information  about  everyone  and  then  using  it  for  a  number  of  different 
purposes.  The  resolution  of  such  matters  will  have  to  be  achieved 
through  legal  channels  and  is  not  within  the  purview  of  controlled 
accessibility.  The  privacy  issue  has  not  resulted  from  the  development 
of  computers,  but  the  heightened  interest  in  it  can  be  laid  to  the  capa- 
bility of  computers  for  storing  vast  amounts  of  readily  usable  data. 

Confidentiality  is  a  concept  which  applies  to  data.  It  is  the  status 
accorded  to  data  which  has  been  agreed  upon  between  the  person  or 
organization  furnishing  the  data  and  the  organization  receiving  it  and 
which  describes  the  degree  of  protection  which  will  be  provided.  It  is 
the  confidentiality  of  data  that  requires  protection,  not  the  privacy. 

Security  in  the  computer  community  is  the  realization  of  protection  for 
hardware,  software  and  data. 

Data  security  is  the  protection  of  data  against  accidental  or  inten- 
tional destruction,  disclosure  or  modification  using  both  physical 
security  measures  and  controlled  accessibility. 

Physical  security,  as  it  pertains  to  computers,  does  not  differ  from 
physical  security  for  other  installations.  It  is  achieved  through  the 
use  of  locks ,  guards ,  badges ,  personnel  security  clearances  and  adminis- 
tratively controlled  measures  outside  the  computer  as  well  as  measures 
required  for  the  protection  of  the  structures  housing  the  computer  and 
related  equipment  against  damage  from  accident,  fire  and  environmental 
hazard,  thus  ensuring  the  protection  of  their  contents. 

Controlled  accessibility  is  the  technological  measures  of  hardware 
and  software  available  in  a  computer  system  for  the  protection  of  data. 

Data  integrity  is  the  guarantee  of  the  organization  maintaining  data 
that  it  is  free  from  error,  i.e.  it  does  not  differ  from  its  source 
documents,  and  that  it  has  not  been  exposed  to  accidental  alteration, 
disclosure  or  destruction. 

The  authors  wish  to  thank  Peter  S.  Browne  of  State  Farm  Mutual 
Automobile  Insurance  Company  and  Dr.  Lance  Hoffman  of  the  University  of 
California,  Berkeley,  for  providing  a  copy  of  an  unpublished  bibliog- 
raphy on  privacy  and  security  which  they  had  assembled. 
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